RFR: 8331682: Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server [v20]
Artur Barashev
abarashev at openjdk.org
Thu Oct 17 15:58:14 UTC 2024
On Thu, 17 Oct 2024 03:43:40 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
> Does it happen in server side (server send plaintext) as well? I found some cases that the client decryption failed.
Current reports indicate it happens on the server side only (server throws the exception). Please share any cases when it happens on the client side. This PR has a check to handle this scenario on the server side only.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/21043#issuecomment-2419926586
More information about the security-dev
mailing list